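// Admin gate: continue only for a logged-in user whose groups hold the
// 'module_admin' right on the current module.
$moduleperm_handler =& xoops_gethandler('groupperm');
if (!is_object(@$xoopsUser) || !$moduleperm_handler->checkRight('module_admin', $xoopsModule->getVar('mid'), $xoopsUser->getGroups())) {
    die('only admin can access this area');
}

$xoopsOption['pagetype'] = 'admin';
require XOOPS_ROOT_PATH . '/include/cp_functions.php';

// initialize language manager
$langmanpath = XOOPS_TRUST_PATH . '/libs/altsys/class/D3LanguageManager.class.php';
if (!file_exists($langmanpath)) {
    die('install the latest altsys');
}
require_once $langmanpath;
$langman =& D3LanguageManager::getInstance();

// sanitizer class for input validation vulnerabilities
require_once dirname(__FILE__) . '/class/sanitizer.class.php';
$sani = new D3diarySanitizer();

if (!empty($_GET['lib'])) {
    // common libs (eg. altsys)

    // san_eval() returning 1 is treated as "reject". The comparison is
    // parenthesised because `!=` binds tighter than `=`: $san_line holds the
    // boolean outcome of the check, not san_eval()'s return value.
    $san_line = ($sani->san_eval($_GET['lib']) != 1);
    if ($san_line) {
        // Whitelist: letters, digits, '_' and '-' only. Dots and slashes are
        // stripped, so $lib stays a single path segment when it is joined
        // into the /libs/ path below.
        $lib = preg_replace('/[^a-zA-Z0-9_-]/', '', $_GET['lib']);
    } else {
        // The original appended $lib here, which is not assigned on this path
        // in the visible code. The rejected request value is untrusted and is
        // deliberately not echoed back.
        die('wrong request');
    }

    $san_line = ($sani->san_eval(@$_GET['page']) != 1);
    if ($san_line) {
        $page = preg_replace('/[^a-zA-Z0-9_-]/', '', @$_GET['page']);
    } else {
        // Same as above: $page is not assigned on this path; do not reflect input.
        die('wrong request');
    }

    // check the page can be accessed (make controllers.php just under the lib)
    $controllers = array();
    // The body of this branch continues beyond the visible excerpt.
    if (file_exists(XOOPS_TRUST_PATH . '/libs/' . $lib . '/controllers.php')) {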
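// edited naao 2010/9/26
ignore_user_abort(false);
//error_reporting(0);

// Nothing to serve without a 'src' parameter.
if (!isset($_GET['src'])) {
    exit;
}

// browser cache lifetime (seconds)
$maxage = 86400; // 60*60*24 (1day)

// clear output buffer
while (ob_get_level()) {
    ob_end_clean();
}

// sanitizer class for input validation vulnerabilities
require_once dirname(__FILE__) . '/../class/sanitizer.class.php';
$sani = new D3diarySanitizer();

// initialize variables
// san_eval() returning 1 is treated as "reject". The comparison is
// parenthesised because `!=` binds tighter than `=`: $san_line holds the
// boolean outcome of the check, not san_eval()'s return value.
$san_line = ($sani->san_eval($_GET['src']) != 1);
if ($san_line) {
    // Keeps word characters plus '.', '%', ',', space and '-'. Slashes are
    // removed, but dots survive.
    // NOTE(review): any later code that builds a file path from $src must
    // still confine it to the intended directory; not visible in this excerpt.
    $src = preg_replace('/[^\\w.%, -]+/', '', $_GET['src']);
} else {
    // The original appended $lib here, a variable that is never assigned in
    // the visible code. The rejected request value is untrusted and is
    // deliberately not echoed back.
    die('wrong request');
}
$src = str_replace(' ', ',', $src);

$nocache = isset($_GET['nc']);
$js_lang = $charset = $pre_width = $cache_file = $gzip_fname = $dir = $out = $type = $src_file = '';
$addcss = array();
$length = $addtime = 0;
// Default to GET when the server does not report a request method.
$method = empty($_SERVER['REQUEST_METHOD']) ? 'GET' : strtoupper($_SERVER['REQUEST_METHOD']);
$pre_id = '';
$js_replaces = array();

// Split $src at its last dot into a name part and an extension part.
// The body of this branch continues beyond the visible excerpt.
if (preg_match('/^(.+)\\.([^.]+)$/', $src, $match)) {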